Although you can use this operation while testing your application, you never call it in production. To authenticate a real customer, you must use the Account Enroll or Authentication KBA component.
You use this operation to submit the customer's answers to the questions that were retrieved in the Retrieve Authentication Questions call that's identified by the authToken request property.
If the answers are correct (HTTP status 200), the operation returns a userToken that identifies the authenticated customer. You use this token as the value of the x-credmo-user-token header in subsequent API calls.
If the operation returns a 206 response, the authentication provider has determined that the customer must answer some more questions. This can happen when, for example, too many of the questions were (correctly) answered with "None of the above". The additional questions are included in the response body, which takes the same form as the Retrieve Authentication Questions response.
If the customer provides a wrong answer to one or more of the questions, the operation returns 401. If you want to continue with this customer, you must retrieve a new set of questions by calling Retrieve Authentication Questions. Retrieving a new set of questions is a billable event.
Click Try It! to start a request and see the response here!